一、root賬號使用ssh-keygen 生成密匙
[root@vmware ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: a8:15:87:79:47:07:10:cf:c7:73:3c:bd:91:11:2b:12 root@vmware The key's randomart image is: +--[ RSA 2048]----+ | oooE. o.| | o + o.. .+| | + o +.+.++.| | = . ..o..o| | o S . | | o | | . | | | | | +-----------------+ [root@vmware ~]#
二、發布公鑰 -i 指定本地公鑰存放路徑
[root@vmware ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.113 -p36000 The authenticity of host '[10.0.1.113]:36000 ([10.0.1.113]:36000)' can't be established. ECDSA key fingerprint is 00:6b:71:8a:34:4c:60:d8:ff:c6:81:27:77:77:d1:ff. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.0.1.113's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh -p '36000' 'root@10.0.1.113'" and check to make sure that only the key(s) you wanted were added.
三、直接登錄
[root@vmware ~]# ssh root@10.0.1.113 -p36000 Last login: Thu May 24 16:02:49 2018 from 10.0.5.134 [root@yzh-jkb-privatization ~]#
四、直接查看拷貝過去的文件,會將id_dsa.pub 重命名為:
[root@yzh-jkb-privatization /]# ls /root/.ssh/authorized_keys
/root/.ssh/authorized_keys
[root@yzh-jkb-privatization .ssh]# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/mi0jrbM13E8f89yFy+Mro2u+VYoSAiXgoOMrm2eZlss6nHdp8oV/qGTGucNPPVGGB6rHm6fvl/Z75u2CExJWUw3bSvevHieV3dfHngPHANDnxM6JXtr6DBjKVcKm3Bv+QlpvUJ/LJixnsTE4rgX4G1OWCP92q77eM0LEhD8eZllXCC/AkLxxxxxxxxxVNZehmR5BhJ/d4/Ad26idABX67dsQHZ1BxAha1AFF9uwZeNw1oJWqahkXFY8l+3YEWkrqBZsDZ67A81DmTBV7bbqwcqicHejHbScN101tg973XACGkXQxugPkGJxozn64CCs0dIt+Dk7qe4HYbTtE37 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCntTKU2jJhHWNt3PfMM2443B+t5R4mrgVQ3UoqRoSaSVMaLkSOpxl9NW2KPYf0U3MueV0rPpW1MnzL1YYITKqvhvrq0ae5ByRsdoEJK62tJc5RrPt2RHRdN1hrImz3Bmpc5mC9bAvqESzeTvMRhHZe/rL1WDZ4qDV1DGKCaxxxxxxxxEflwNVzUTAGXPQcKg54adnF4GYCEArzFd1PbGK6M24pjlQ3lBEyvMtZf2N8Jl/Q8bScbMCO2Fm/bjHyB33ix2RjCfvdF8hWY0weVgtdC6U+uRf1EGjTsEjU16EyfkmaoD+IYnlqF/ffSBHsr128cQaZhv+Af admin@steven.local ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDK5fz2aaIL3FgYETzFemnzoemZhJ6VBE/+HfDvrNgAqkjr/FlPrJWO1iObpIBLgxxxxxxxg6X1l6oTONXc8W1G4bFDnAuw1r/ZY1uVPi/sadqEl7jPE8XLqeV70L7E5wDyrkq2H2sZr8rA4hQ/f+l12jLaG0b3pd2U7rA7ylazsd3eYxpik5B4/arepf/exy/zEyTQkTXo7OVbFae0fWn/yThlu6UA1cqIankYsX3toy5FhO1LO21dEFiWgJ+wcykQiE7fndErX+Ht9vX1T80oPqNSBFFRELUVHGP42R4JtVzFdjlrcwpAcdFJ9Ry8LutUEdGGl2xHM9Ki7Ld9+Z root@vmware
五、普通用戶登錄
1、本機創建用戶 useradd username
2、echo xxx密碼 | passwd --stdin username
3、ssh-copy-d -i /root/.ssh/id_rsa.pub username@10.0.1.113
六、把文件從遠程主機 copy 到當前系統
[root@vmware ~]# scp -P36000 root@10.0.1.113:/jkb-install-20180420.tar.gz / jkb-install-20180420.tar.gz 4% 47MB 8.3MB/s 02:09 ETA 拷貝目錄 加 -r 參數
七、服務端配置
[root@vmware ~]# cat /etc/ssh/sshd_config
1、說明
#Port 22 # 默認 不是注釋 Port 36000 # 可以添加多個端口號 #ListenAddress 0.0.0.0 #設置sshd服務器綁定的ip地址,0.0.0.0 表示監聽多有地址 ListenAddress 10.0.1.119 # 只允許此ip訪問 #Protocol 2 # 協議,如果用1,在后面添加 ,1
#LogLevel INFO # 日志記錄登記 info級別以上 #PermitRootLogin yes # 默認允許root用戶登錄 PasswordAuthentication yes # 密碼驗證 #PermitEmptyPasswords no # 允許密碼為空 no #LoginGraceTime 2m # 登錄時輸入密碼時間,如果超過改時間,強迫斷線,無單位時為s #PrintMotd yes # 登錄后是否顯示一些信息,打印的是/etc/motd 這個文檔的內容。 #UseDNS yes #判斷客戶端來源是否正常合法,因此會使用DNS反查客戶主機名,如果在內網連接,設置為no 聯機速度會快一些 UsePrivilegeSeparation sandbox # 是否權限較低的程序提供用戶操作,當普通用戶登錄,這個值會讓sshd產生一個屬於自己的sshd程序來使用,而不是root的程序,相對系統來說較為安全。
2、日志存放目錄/var/log/secure
# The authpriv file has restricted access. authpriv.* /var/log/secure
3、